Home Depot Confirms Security Breach, Customers' Payment Cards At Risk

Home Depot has confirmed that its payment system suffered a security breach, putting customers' payment cards at risk.

The breach was limited to U.S and Canadian stores, with no evidence that stores in Mexico were affected, the company said. It added that there is no evidence that PINs from debit cards were stolen.

The company announced in a press release that its investigation had found that malware had compromised its system. It said its investigation focused on April onwards.

“We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue,” said Frank Blake, chairman and CEO of Home Depot, in a press release.

"One would hope that in a post-Target world, every corporation would be upgrading their payment security systems and monitoring processes, so the potential length of the supposed Home Depot breach should leave us flabbergasted," said Nick Aceto, senior director of technology at payments company CardConnect

A new set of stolen credit card numbers may have originated from The Home Depot, according to a report based on information from numerous banks.

The breach, first published by security reporter Brian Krebs, features American and European cards that became available for purchase on Sept. 2. The Home Depot confirmed to Krebs that the company is investigating "unusual activity."

Krebs noted that the banks he spoke with had purchased stolen cards from a particular email address associated with Russian and Ukranian hackers that had been responsible for other attacks, including a breach at Target put more than 100 million customers in danger.

A Home Depot spokesperson issued a statement saying that the company was looking in to some irregularities.

At this point, I can confirm that we’re looking into some unusual activity and we are working with our banking partners and law enforcement to investigate. Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately.

Mashable
is a global, multi-platform media and entertainment company. Powered by its own proprietary technology, Mashable is the go-to source for tech, digital culture and entertainment content for its dedicated and influential audience around the globe.